Business as usual – it’s how IT would like to enjoy every day. All systems running the way they are expected to run; no threats from the outside world; and no user issues that cause process delays. It is the ideal scenario and one that rarely ever occurs. For that reason, you need a business continuity plan and out of band management. If you already have both, are they robust enough to meet the need?
A recent Continuity Central post highlighted this issue, stressing that businesses may or may not have the most robust business continuity plan in place. One of the first things to address is the scope of the plan. If it’s not clear what is covered and the actions associated with the plan, the scope may need a little work. Likewise, it should also be clear as to what kind of incidents would cause the business continuity plan to go into action. This list needs to be clear so that if a call is received in the wee hours of the morning, the head of IT knows whether or not it’s serious enough to invoke the plan.
Along with the business continuity plan, companies need to outline their recovery plans and the strategies for moving forward once the incident has passed. The recovery strategy is critical to the long-term health of the organization. This strategy needs to clearly outline details of the recovery, what needs to happen, locations, timelines, etc.
Items not needed on the day of the incident should be kept out of the business continuity plan. For instance, the responsibilities of the business continuity manager should be clearly defined ahead of time. Information that pertains to the development of the plan should be part of another document and out of the way on the day the plan needs to be put into action. If the entire plan is designed with logical sense, it will be obvious what should be included and what should be part of another strategy put in place to launch in case this day arrives.
If the aftermath of the incident means it will be a little while until it’s business as usual, you need to be able to rely on a long-term recovery plan. This plan may require the use of out of band management to maintain your network and communications, so be sure it’s in place and ready to go. You don’t want the day of the incident to be the first time you’re thinking about these things.
Finally, don’t forget to assign the right team to manage the process. There is bound to be a little chaos when the incident occurs. The better prepared you are, the less likely that chaos will amount to anything permanent. Know the plan and stay the course – it’s your best method for recovery.